News

India makes it onto list of likely threats for the first time

A report by Canada's Communications Security Establishment (CSE) revealed that state-backed actors have collected valuable information from government networks for five years.…

Plus a free micropatch until Redmond fixes the flaw

There's a Windows Themes spoofing zero-day bug on the loose that allows attackers to steal people's NTLM credentials.…

If you're gonna come at the mouse, you need to be better at hiding your tracks

A disgruntled ex-Disney employee has been arrested and charged with hacking his former employer's systems to alter restaurant menus with potentially deadly consequences. …

The prolific Midnight Blizzard crew cast a much wider net in search of scrummy intel

Microsoft says a mass phishing campaign by Russia's foreign intelligence services (SVR) is now in its second week, and the spies are using a novel info-gathering technique.…

Release the Kraken!

China has accused unnamed foreign entities of using devices hidden in the seabed and bobbing on the waves to learn its maritime secrets.…

Or: why using the same iCloud account for malware development and gaming is a bad idea

The US government has named and charged a Russian national, Maxim Rudometov, with allegedly developing and administering the notorious Redline infostealer. …

'It was like watching a robot going rogue' says researcher

OpenAI's language model GPT-4o can be tricked into writing exploit code by encoding the malicious instructions in hexadecimal, which allows an attacker to jump the model's built-in security guardrails and abuse the AI for evil purposes, according to 0Din researcher Marco Figueroa.…

US also charges an alleged Redline dev, no mention of an arrest

International law enforcement officials have arrested two individuals and charged another in connection with the use and distribution of the Redline and Meta infostealer malware strains.…

Health care breaches lead to legislation

Partner Content  Breaches breed regulation; which hopefully in turn breeds meaningful change.…

Patch up: The Spring framework dominates the Java ecosystem

If you're running an application built using the Spring development framework, now is a good time to check it's fully updated – a new, critical-severity vulnerability has just been disclosed.…

It's not just the French president, Biden and Putin also reportedly trackable

The French equivalent of the US Secret Service may have been letting their guard down, as an investigation showed they are easily trackable via the fitness app Strava.…

Only took 'em a year to dish up some scary travel advice, and a Secure Innovation … Placemat?

Cyber security agencies from the Five Eyes nations have delivered on a promise to offer tech startups more guidance on how to stay secure.…

GCHQ job ads seek top talent with bottom-end pay packets

While the wages paid by governments seldom match those available in the private sector, it appears that the UK's intelligence, security and cyber agency is a long way short of being competitive in its quest for talent.…

ATMs paid customers thousands ... and now the bank wants its money back

JPMorgan Chase has begun suing fraudsters who allegedly stole thousands of dollars from the bank's ATMs after a check fraud glitch went viral on social media.…

'They're taunting us,' investigator says and it looks like it's working

The feds are investigating Chinese government-linked cyberspies breaking into the infrastructure of US telecom companies, as reports suggest Salt Typhoon - the same crew believed to be behind those hacks - has also been targeting phones belonging to people affiliated with US Democratic presidential candidate Kamala Harris, along with Republican candidate Donald Trump and his running mate, JD Vance.…

The platform 'continues to take action' against illegal posts, we're told

Exclusive  Brazen crooks are selling people's pilfered financial information on Meta's Threads, in some cases posting full credit card details, plus stolen credentials, alongside images of the cards themselves.…

Legal action comes months after alleging negligence by Falcon vendor

Delta Air Lines is suing CrowdStrike in a bid to recover the circa $500 million in estimated lost revenue months after the cybersecurity company "caused" an infamous global IT outage.…

Legal proceedings underway with more details to follow

Dutch police (Politie) say they've dismantled the servers powering the Redline and Meta infostealers – two key tools in a modern cyber crook's arsenal.…

One told to take down posts that said nice things about WP Engine

Organisers of WordCamps, community-organized events for WordPress users, have been ordered to take down some social media posts and share their login credentials for social networks.…

Also, Change Healthcare sets a record, cybercrime cop suspect indicted, a new Mallox decryptor, and more

in brief  Senate intelligence committee chair Mark Warner (D-VA) is demanding to know why, in the wake of the bust-up of a massive online Russian disinformation operation, the names of six US-based domain registrars seem to keep popping up as, at best, negligent facilitators of election meddling. …